From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from Ishtar.sc.tlinx.org (ishtar.tlinx.org [173.164.175.65]) by sourceware.org (Postfix) with ESMTPS id 4DDBC3865470 for ; Tue, 6 Jul 2021 13:57:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4DDBC3865470 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=tlinx.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=tlinx.org Received: from [192.168.3.12] (Athenae [192.168.3.12]) by Ishtar.sc.tlinx.org (8.14.7/8.14.4/SuSE Linux 0.8) with ESMTP id 166DubvX021144 for ; Tue, 6 Jul 2021 06:56:39 -0700 Message-ID: <60E460C7.7010203@tlinx.org> Date: Tue, 06 Jul 2021 06:55:19 -0700 From: L A Walsh User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: cygwin@cygwin.com Subject: Re: objects created in a dir w/cygwin mangled perms; inherit no-access References: <60E14AAA.4000404@tlinx.org> <514405575.20210704172015@yandex.ru> In-Reply-To: <514405575.20210704172015@yandex.ru> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Jul 2021 13:57:04 -0000 On 2021/07/04 07:20, Andrey Repin wrote: > The "+" at the end indicates presence of extended permissions. --- Ya, that's what I was referring to when I wrote about having 5 deny records at the front, though that didn't necessarily stand out. =E2=8D=A8 =20 Aside from the extended permissions, though, the net result=20 was me getting a 'no access' when I tried to look into the directory with explorer. While I did have access via a local shell, I also have no-access from bash on a remote system (the=20 samba domain controller on linux): > echo -n $(uname -n):;id |sed 's/groups.*//' Ishtar:uid=3D5013(law) gid=3D201(lawgroup) > ls -l newdir ls: reading directory 'newdir': Permission denied > ls -dl newdir dr-xrwxr-x 2 law lawgroup 0 Jul 6 05:20 newdir/ On local machine, same: > echo -n $(uname -n):;id |sed 's/groups.*//' Athenae:uid=3D5013(Bliss\law) gid=3D201(Bliss\lawgroup)=20 ls -dxlF newdir d---rwxr-x+ 1 Bliss\law Bliss\lawgroup 0 Jul 6 05:20 newdir/ > > What getfacl says? # file: newdir # owner: Bliss\law # group: Bliss\lawgroup user::--- user:root:--- user:law:--- user:Astara:--- group::rwx group:SYSTEM:rwx group:Administrators:rwx group:Users:r-x mask::rwx other::r-x default:user::--- default:user:root:--- default:user:law:--- default:user:Astara:--- default:group::rwx default:group:SYSTEM:rwx default:group:Administrators:rwx default:group:Users:r-x default:mask::rwx default:other::r-x > What is "progd" ? Did you mount some directory into Cygwin tree? Sorta, actually the cygtree mounted at 'C:\'.=20 So 2 Junctions and 1 symlinkd /Progd =3D> /ProgramData/ /Prog =3D> /Program Files (x86)/ /Prog64 =3D> /Program Files/ >=20 >> Of course I can overide, but why are such weird acls on >> this anyway? -- especially when it doesn't seem to really >> work? >=20 > Probably because of interpretation of the original Windows permissions.= --- Not exactly, I don't think. Windows doesn't add "DENY" entries up front. Seems like there should be a better way since MS's=20 subsystem for UNIX didn't seem to use all those=20 DENY entries that I ever saw. Am guessing they somehow came from those default CREATOR U/G entries on the parent directory. This problem has been around for a few years. Certainly, having it create no-access dirs for the user isn't desirable. I'm betting that they'd be denied locally as well if my local user didn't have admin override rights.